The title pretty much says it all. According to the report:
the service will encrypt all messages, phone calls, photos, and videos moving among [the devices].
Moxie Marlinspike is involved, so they have a chance of getting it right, and no one, even WhatsApp, will be able to know what you're saying, texting, viewing, &c. (Unless, of course, your widget is running malware, or the opposition can get their mitts on it.)-: They claim this is available on nearly a billion devices—this is a really big deal.
takyon: Alternate links with no Wired paywall: TechCrunch, Washington Post, CNET, Reuters.
(Score: 2) by edIII on Wednesday April 06 2016, @02:23AM
You're being gracious.
They could say that it couldn't even be broken in infinite time, but all of that means precisely dick.
Proprietary? Check
Facebook? Check
Complete lack of transparency? Check
Encryption will only be trusted, if and only if, ALL of the code, methods, *everything* is FOSS. That's the only encryption that I will ever trust, and even then, the chain o' security begins with the device itself.
End-to-end encryption is wonderful......... when it's transparent and can be vetted. Otherwise, we can pretty much assume the NSA has enough of the whatever they need to brutally compromise WhatsApp.
In a way it's hilarious to expect privacy from a Zuckerberg corporation. It's not like he gets rich off your privacy or anything......
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 3, Insightful) by Fnord666 on Wednesday April 06 2016, @04:04AM
It has to go further than that. You have to be able to build the application from the available source code and toolchain. Just because you can see some source code doesn't mean the binary you just installed was built with it.
(Score: 0) by Anonymous Coward on Wednesday April 06 2016, @06:21AM
https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf [cmu.edu]
(Score: 3, Informative) by Pino P on Wednesday April 06 2016, @07:55PM
You mention the Ken Thompson "Trusting Trust" attack involving a backdoored compiler. That's far less of an issue now that we have multiple independent implementations of C++. With more than one compiler, you can bootstrap a free compiler off each of them. This is the "diverse double-compiling" mitigation [dwheeler.com] described by David A. Wheeler.
Phase 1: Start with three independent C++ compilers (call them VC++, IC++, and Clang++) and the C++ source code of a free C++ compiler (call it G++). Then compile G++ with each compiler. The resulting executables (G++/VC++, G++/IC++, and G++/Clang++) will differ due to different optimization approaches, but if none are compromised, all should have the same behavior, namely that of G++. The next phase will show that this is the case.
Phase 2: Now compile G++ with each of these G++/* executables. Because they have the same behavior, they should produce bit-identical executables: G++/G++. If the resulting executables differ (other than in embedded timestamps), then one or more of the compilers is compromised. But if they're the same, there are two possibilities. Either all compilers are clean, or they share the same backdoor. Which is more likely?
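An added toy model of the two phases described in the comment above (not part of the thread, and not Wheeler's own tooling): each compiler is reduced to a code-generation style plus a flag for whether it re-inserts a backdoor when it recognises the G++ source. `Executable`, `GPP_SRC`, `phase`, `ddc` and the hash-based "images" are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

# Constructed placeholder standing in for the free compiler's source tree.
GPP_SRC = "source code of the free compiler G++ (constructed placeholder)"


def digest(*parts: str) -> str:
    return hashlib.sha256("\x00".join(parts).encode()).hexdigest()


@dataclass(frozen=True)
class Executable:
    image: str      # stands in for the bytes on disk
    codegen: str    # how this executable emits code when run as a compiler
    trojaned: bool  # True if it re-inserts a backdoor into compilers it builds

    def compile(self, source: str) -> "Executable":
        # Output depends on the source and on this compiler's behaviour,
        # not on how this compiler's own binary happens to be laid out.
        infect = self.trojaned and source == GPP_SRC
        image = digest(self.codegen, source, "backdoor" if infect else "")
        # The result behaves as G++ source says, plus the backdoor if infected.
        return Executable(image, "G++", infect)


def phase(compilers: dict) -> dict:
    """Compile the G++ source once with every compiler in the dict."""
    return {name: c.compile(GPP_SRC) for name, c in compilers.items()}


def ddc(bootstraps: dict):
    """Run Phase 1 and Phase 2, then group bootstrap names by stage-2 image."""
    stage2 = phase(phase(bootstraps))
    groups: dict = {}
    for name, exe in stage2.items():
        groups.setdefault(exe.image, []).append(name)
    return len(groups) == 1, sorted(groups.values())


def bootstraps(trojaned=()):
    """Three independent vendor compilers; names listed in `trojaned` are bad."""
    return {n: Executable(digest("vendor", n), n, n in trojaned)
            for n in ("VC++", "IC++", "Clang++")}


if __name__ == "__main__":
    for bad in ((), ("IC++",), ("VC++", "IC++", "Clang++")):
        print(bad, ddc(bootstraps(bad)))
```

The last case printed is the second possibility the comment raises: when every bootstrap compiler carries the same backdoor, the stage-2 executables still match and the check passes.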
(Score: 2) by q.kontinuum on Wednesday April 06 2016, @05:47AM
It still means if they secretly keep access, they can't use the obtained information openly and need to keep a close eye on everyone involved, so nobody finds out. That might limit the ways the information could be used. (On the other hand, whoever still trusts this blindly ever since Snowden's leaks will probably not change his mind if something like that came out...)
Registered IRC nick on chat.soylentnews.org: qkontinuum